For public safety, governments should incentivise warranties/support/maintenance for widely-used FOSS (free & open-source software)

  • FOSS licences
    • are on a spectrum of open/permissive (e.g. OSI) to restrictive (e.g. HPL bespoke/optional clauses)
    • don’t address (lack of) practical enforceability over billions of end users
    • don’t provide warranties/safety, even if critical
  • problems with ethos
    • free users are not paid customers, so are not covered by consumer protection laws
    • releasing source for public review/maintenance is not a substitute for basic warranties/support
    • large userbases are equivalent to “the general public”
    • developers of widely-used FOSS libraries can break the world (e.g. faker.js, colors.js, left-pad, xkcd#2347) or face expensive suits (e.g. NGINX)
  • proposal: encourage/incentivise developers of widely-used FOSS libraries to provide LTS (long-term support)/basic warranties
    • governments & NGOs (non-governmental organisations) should sponsor support contracts purely in the interest of public safety
      • current honours/awards/grants/knighthoods mainly focus on work with physical impact; not software
      • see e.g. TideLift
  • see also: OS is Illegal